TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-01-05 14:57:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/tailscale: use html/template for synoTokenRedirect

Browse Source 
The GitHub code scanner flagged this as a security vulnerability.
I don't believe it was, but I couldn't convince myself of it 100%.
Err on the safe side and use html/template to generate the HTML,
with all necessary escaping.

Fixes tailscale/corp#2698

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
This commit is contained in:
Josh Bleecher Snyder 2022-01-13 13:03:00 -08:00 committed by Josh Bleecher Snyder
parent 27da7fd5cb
commit a076aaecc6
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/tailscale/cli/web.go
View File

@ -270,14 +270,14 @@ func synoTokenRedirect(w http.ResponseWriter, r *http.Request) bool {
// We need a SynoToken for authenticate.cgi.
// So we tell the client to get one.
serverURL := r.URL.Scheme + "://" + r.URL.Host
fmt.Fprintf(w, synoTokenRedirectHTML, serverURL)
synoTokenRedirectHTML.Execute(w, serverURL)
return true
}
const synoTokenRedirectHTML = `<html><body>
var synoTokenRedirectHTML = template.Must(template.New("redirect").Parse(`<html><body>
Redirecting with session token...
<script>
var serverURL = %q;
var serverURL = {{ . }};
var req = new XMLHttpRequest();
req.overrideMimeType("application/json");
req.open("GET", serverURL + "/webman/login.cgi", true);
@ -289,7 +289,7 @@ func synoTokenRedirect(w http.ResponseWriter, r *http.Request) bool {
req.send(null);
</script>
</body></html>
`
`))
func webHandler(w http.ResponseWriter, r *http.Request) {
if authRedirect(w, r) {